Manager IT and Security

Job Summary

We are seeking a seasoned Information Technology & Security leader to head our IT and Security function at ScoutLogic, a fast-growing background check company. This leader will be responsible for ensuring the security, compliance, and operational reliability of our technology environment. The role requires a balance of long-term vision and hands-on execution to manage security certifications, vendor relationships, internal IT support, and alignment with software development teams to ensure industry leading information security standards.

Reports to: CISO and the Head of Business Operations & Strategy

Key Responsibilities

Strategy & Leadership

• IT Roadmap Ownership: Work alongside the CISO to define and execute a multi-year IT and security roadmap aligned with ScoutLogic’s business objectives, growth trajectory, and compliance commitments.
• Executive Communication: Regularly brief the CISO and leadership team on security posture, key risks, and IT initiatives in clear, business-focused language.
• Cross-Functional Leadership: Build strong partnerships with Operations, Sales, and Client Success to ensure InfoSec becomes a commercial asset (i.e., a driver of client trust and differentiation).

Security & Compliance

• Oversee the company’s information security program, ensuring compliance with industry regulations and best practices.
• Guide teams through the company's annual SOC 2 certification process, including readiness assessments, audit coordination, and collaborative remediation.
• Represent the company with clients’ IT and security executives by articulating our security posture, protocols, and compliance certifications.
• Maintain, and enforce information security policies, standards, and procedures.
• Continuously monitor and evaluate the company’s security posture, staying ahead of evolving threats and introducing proactive risk management practices, including penetration testing and threat modeling.
• Establish and lead incident detection, response, and recovery processes. Run tabletop exercises and ensure business continuity planning is robust.
• Oversee compliance with data privacy laws (GDPR, CCPA, etc.) given ScoutLogic’s handling of sensitive candidate information.

Vendor & Systems Management

• Manage all third-party technology vendors, ensuring adherence to security and performance standards.
• Oversee IT spend, ensuring cost-effective solutions without compromising security or reliability.
• Negotiate contracts and service-level agreements (SLAs) with technology partners.
• Conduct regular vendor security assessments and audits to mitigate third-party risk.

Internal IT Support & Infrastructure

• Lead a small internal IT team responsible for employee IT support, SaaS tooling management, hardware/software provisioning, and troubleshooting.
• Ensure reliability, availability, and performance of internal systems, and business applications.
• Oversee IT asset management, lifecycle planning, and disaster recovery preparedness.
• Implement employee training and phishing simulations to strengthen the “human firewall.”
• Lead team initiatives to automate IT support workflows, employee onboarding/offboarding, and compliance reporting processes, enhancing team productivity and organizational scalability.

Qualifications

• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or related field
• 8–10+ years of progressive IT leadership experience
• Proven track record leading SOC2 or other security certifications and maintaining compliance with security regulations.
• Strong knowledge of information security and data privacy frameworks (ISO 27001, NIST CSF, SOC2, GDPR, DPF, etc…), and IT governance best practices.
• Experience managing vendor relationships, negotiating contracts, and overseeing IT budgets.
• Demonstrated ability to represent a company’s security posture with senior leadership team and auditors.
• Hands-on experience managing IT support teams and ensuring high-quality internal service delivery.
• Strong communication skills with the ability to translate technical concepts into business language.
• High integrity, collaborative mindset, and ability to thrive in a fast-paced, growth-oriented environment.
• Experience leading incident response or disaster recovery during a high-pressure event.
• Demonstrated ability to balance commercial pragmatism with compliance rigor.

Preferred Qualifications

• Certifications: CISSP, CISM, CISA, or equivalent.
• Familiarity with secure software development practices and working alongside product/engineering teams.
• Experience partnering with software development teams to ensure applications meet information security standards and comply with SOC 2, OWASP, and industry security requirements.
• Proven ability to provide guidance on secure coding practices, data protection requirements, and application security testing.
• Background participating in product and infrastructure design discussions to embed security into the SDLC (Software Development Lifecycle).